Difference between revisions of "Talk:Development Team/Chroot"
Jump to navigation
Jump to search
(New page: # ''outside chroot'' DISP=:1 # adjust to suit your configuration COOKIE=$(mcookie) AUTH=$(mktemp) echo "add $DISP . $COOKIE" | xauth -f "$AUTH" echo "add these commands to clients:"...) |
|||
| Line 1: | Line 1: | ||
| + | == Restricting Xephyr connections == | ||
# ''outside chroot'' | # ''outside chroot'' | ||
DISP=:1 # adjust to suit your configuration | DISP=:1 # adjust to suit your configuration | ||
| Line 10: | Line 11: | ||
And, ''inside'' the chroot, set the <tt>DISPLAY</tt> and <tt>XAUTHORITY</tt> variables as directed by the setup script and copy the <tt>"$AUTH"</tt> file from outside the chroot into the chroot to the path assigned to <tt>"$XAUTHORITY"</tt>. | And, ''inside'' the chroot, set the <tt>DISPLAY</tt> and <tt>XAUTHORITY</tt> variables as directed by the setup script and copy the <tt>"$AUTH"</tt> file from outside the chroot into the chroot to the path assigned to <tt>"$XAUTHORITY"</tt>. | ||
| + | |||
| + | == as_person script, when PAM is misconfigured == | ||
| + | cat > as_person <<EOF | ||
| + | #!/usr/bin/env python | ||
| + | from os import environ, chdir, setgroups, setgid, setuid, execve | ||
| + | from sys import argv | ||
| + | from pwd import getpwnam | ||
| + | user = getpwnam(argv[1]) | ||
| + | environ['HOME'] = user.pw_dir | ||
| + | environ['USER'] = user.pw_name | ||
| + | chdir(user.pw_dir) | ||
| + | setgroups([user.pw_gid]) | ||
| + | setgid(user.pw_gid) | ||
| + | setuid(user.pw_uid) | ||
| + | execve(argv[2], argv[2:], environ) | ||
| + | EOF | ||
| + | chmod a+x as_person | ||
| + | ./as_person sugar /usr/bin/sugar | ||
Revision as of 10:50, 23 May 2009
Restricting Xephyr connections
# outside chroot DISP=:1 # adjust to suit your configuration COOKIE=$(mcookie) AUTH=$(mktemp) echo "add $DISP . $COOKIE" | xauth -f "$AUTH" echo "add these commands to clients:" echo "export DISPLAY=\"localhost$DISP\"" echo "export XAUTHORITY=\"$AUTH\"" Xephyr -auth "$AUTH" -reset -terminate "$DISP" && rm "$AUTH"
And, inside the chroot, set the DISPLAY and XAUTHORITY variables as directed by the setup script and copy the "$AUTH" file from outside the chroot into the chroot to the path assigned to "$XAUTHORITY".
as_person script, when PAM is misconfigured
cat > as_person <<EOF
#!/usr/bin/env python from os import environ, chdir, setgroups, setgid, setuid, execve from sys import argv from pwd import getpwnam user = getpwnam(argv[1]) environ['HOME'] = user.pw_dir environ['USER'] = user.pw_name chdir(user.pw_dir) setgroups([user.pw_gid]) setgid(user.pw_gid) setuid(user.pw_uid) execve(argv[2], argv[2:], environ) EOF chmod a+x as_person ./as_person sugar /usr/bin/sugar